Managing data security is an important task for computing systems. Oftentimes, a computer system maintains both public data and confidential data. While public data can be accessed by the general public, confidential data should only be accessed by selected individuals. Therefore, a computer system should control data access based on the authority granted to individuals.
A computer system can address this issue by associating a computer readable medium with a security level and by associating an application (or a user operating the application) with an authority level. For example, if an application has an authority level that is less than the security level associated with the computer readable medium, the computer system can prevent the application from accessing data in the computer readable medium.
Unfortunately, simply controlling data access is not sufficient to prevent data leakage, partially because a single application can access multiple data items simultaneously. For example, if an application with a high authority level retrieves a file from a computer readable medium with a high security level, and creates a new file, based on the “high security” file, at another computer readable medium with a lower security level, then another application with a lower authority level can access the new file and gain access to information that was protected at the high security level.
As another example, if an application with a high authority level retrieves a file from a computer readable medium with a high security level, and copies (i.e., cuts-and-pastes) information in the “high security” file to a “low security” file stored in a low-security computer readable medium, then another application with a lower authority level can access the “low security” file and gain access to information that was protected at the high security level.
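The two scenarios above can be reproduced in a small model. The following is an added illustration, not part of the original text: the class names, numeric levels and file contents are constructed, and the `high_water` audit field is an assumption introduced here only to make the downward flow visible.

```python
from dataclasses import dataclass, field

@dataclass
class Medium:
    name: str
    security_level: int
    files: dict = field(default_factory=dict)

@dataclass
class App:
    name: str
    authority_level: int
    high_water: int = 0  # assumption: highest security level this app has read

def can_access(app, medium):
    # Access rule from the text: deny when authority level < security level.
    return app.authority_level >= medium.security_level

def read(app, medium, fname):
    if not can_access(app, medium):
        raise PermissionError(f"{app.name} may not access {medium.name}")
    app.high_water = max(app.high_water, medium.security_level)
    return medium.files[fname]

def write(app, medium, fname, data, audit):
    if not can_access(app, medium):
        raise PermissionError(f"{app.name} may not access {medium.name}")
    # The access rule alone allows this write; the audit entry records that
    # the app has already read data above the target medium's level.
    if app.high_water > medium.security_level:
        audit.append((app.name, medium.name, fname,
                      app.high_water, medium.security_level))
    medium.files[fname] = data

def demo():
    high = Medium("vault", 3, {"plan.txt": "merger terms"})  # constructed data
    low = Medium("share", 1)
    editor, viewer = App("editor", 3), App("viewer", 1)
    audit = []
    try:
        read(viewer, high, "plan.txt")
        direct_read_allowed = True
    except PermissionError:
        direct_read_allowed = False
    # High-authority app derives a new file on the low-security medium.
    write(editor, low, "notes.txt", read(editor, high, "plan.txt"), audit)
    leaked = read(viewer, low, "notes.txt")  # passes the access check
    return direct_read_allowed, leaked, audit

if __name__ == "__main__":
    print(demo())
```

The low-authority application is refused direct access, yet obtains the same content through the derived file; every individual access check passes, and only the recorded flow shows that information moved from level 3 to level 1.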
Therefore, there is a need in the art to provide systems and methods for improving data security management. Accordingly, it is desirable to provide methods and systems that overcome these and other deficiencies of the related art.